yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Revert "remove psk key when ephemeral selected"

Browse source 
This reverts commit 5c28e7aa0e.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-08-21 10:22:33 +08:00
parent e9d4fc09a3
commit 9f7f646b11
3 changed files with 22 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
library/ssl_misc.h
View file

@ -2498,13 +2498,6 @@ MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *end ); unsigned char *buf, unsigned char *end );
/**
* \brief Remove psk from handshake context
*
* \param[in] ssl SSL context
*/
void mbedtls_ssl_remove_psk( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#endif /* ssl_misc.h */ #endif /* ssl_misc.h */

27
library/ssl_tls.c
View file

@ -1662,7 +1662,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
return( ret ); return( ret );
} }
void mbedtls_ssl_remove_psk( mbedtls_ssl_context *ssl ) static void ssl_remove_psk( mbedtls_ssl_context *ssl )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
@ -1682,7 +1682,6 @@ void mbedtls_ssl_remove_psk( mbedtls_ssl_context *ssl )
mbedtls_platform_zeroize( ssl->handshake->psk, mbedtls_platform_zeroize( ssl->handshake->psk,
ssl->handshake->psk_len ); ssl->handshake->psk_len );
mbedtls_free( ssl->handshake->psk ); mbedtls_free( ssl->handshake->psk );
ssl->handshake->psk = NULL;
ssl->handshake->psk_len = 0; ssl->handshake->psk_len = 0;
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -1704,7 +1703,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
if( psk_len > MBEDTLS_PSK_MAX_LEN ) if( psk_len > MBEDTLS_PSK_MAX_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
mbedtls_ssl_remove_psk( ssl ); ssl_remove_psk( ssl );
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@ -1781,7 +1780,7 @@ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
( ssl->handshake == NULL ) ) ( ssl->handshake == NULL ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
mbedtls_ssl_remove_psk( ssl ); ssl_remove_psk( ssl );
ssl->handshake->psk_opaque = psk; ssl->handshake->psk_opaque = psk;
return( 0 ); return( 0 );
} }
@ -3523,7 +3522,25 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
mbedtls_ssl_remove_psk( ssl ); #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
{
/* The maintenance of the external PSK key slot is the
* user's responsibility. */
if( ssl->handshake->psk_opaque_is_internal )
{
psa_destroy_key( ssl->handshake->psk_opaque );
ssl->handshake->psk_opaque_is_internal = 0;
}
ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
#else
if( handshake->psk != NULL )
{
mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
mbedtls_free( handshake->psk );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ #if defined(MBEDTLS_X509_CRT_PARSE_C) && \

3
library/ssl_tls13_server.c
View file

@ -760,9 +760,6 @@ static int ssl_tls13_determine_key_exchange_mode( mbedtls_ssl_context *ssl )
else else
if( ssl_tls13_check_ephemeral_key_exchange( ssl ) ) if( ssl_tls13_check_ephemeral_key_exchange( ssl ) )
{ {
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
mbedtls_ssl_remove_psk( ssl );
#endif
ssl->handshake->key_exchange_mode = ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) );